Security Rules for Pipeline operations

The primary goal for Pipeline queries rules support is to match the filtering capabilities of the existing Rules engine. While Pipeline queries offer a rich set of features, the Rules engine is restricted to recognizing simple filters to ensure query satisfiability and security.

Supported Filter Expressions

For a query to be constrained by your rules, it must use standard comparison operators against constants. The following filter types are recognized by the Rules engine:

  • Equality and Inequality: eq, neq.
  • Comparisons: gt, gte, lt, lte.
  • Membership: in, arrayContains.

Here are some examples:

  • where(eq("foo", 2))
  • where(lt("foo", 2))
  • documents("/user/1", "/user/2").where(...)

Note: Complex expressions, such as arithmetic within a filter (for example, where(eq("foo" * 2, 10))) or string functions like strContains, are not recognized for constraining queries.

Request Properties

You can continue to use the request object to validate authentication and query context, though some properties available in standard queries are not supported in pipelines.

Supported properties

The new engine continues to support the following properties:

  • request.auth: Access user uid and token data.
  • request.method: Identifies the operation (for example, get, list).
  • request.path: The path of the resource being accessed.
  • request.time: The server-side timestamp of the request.

Unsupported properties

The request.query properties such as limit, offset, and orderBy are unsupported for Pipelines rule checks due to the complexity of determining these values in multi-stage queries.

Pipeline stage handling and permissions

There are different pipeline stages that map to specific granular operations in security rules:

  • allow list permissions: Triggered by collection(), collectionGroup(), and database() stages.
  • allow get permissions: Triggered by the documents() stage, which is treated similarly to a batch get operation.
  • Field modification stages: Rules only operate on stored data and not derived values. If a pipeline includes stages that modify fields (for example, AddFields, ReplaceWith, Select), the Rules engine stops applying filter constraints after that stage is encountered.
  • Literals stage: The literals() stage does not read from the database but can incur costs. To prevent abuse, it must be paired with another stage (like collection()) that can be verified by rules.
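
The filter and stage rules above can be checked against a planned pipeline with a small model. The following is an added example, not Firebase code or the Rules engine: the tuple encoding of stages, the analyze() helper, and the "posts" collection name are assumptions made for illustration.

```python
# Simplified model of the behaviour described above; not the Rules engine itself.
# Operator and stage names are from this page; the tuple encoding is an assumption.
RECOGNIZED_OPS = {"eq", "neq", "gt", "gte", "lt", "lte", "in", "arrayContains"}
LIST_STAGES = {"collection", "collectionGroup", "database"}
GET_STAGES = {"documents"}
FIELD_MODIFYING = {"AddFields", "ReplaceWith", "Select"}


def is_simple_filter(expr):
    """True for (op, field_name, constant) with a recognized operator."""
    if not (isinstance(expr, tuple) and len(expr) == 3):
        return False
    op, field, value = expr
    # A nested tuple stands for a computed expression such as "foo" * 2.
    return (op in RECOGNIZED_OPS and isinstance(field, str)
            and not isinstance(value, tuple))


def analyze(pipeline):
    """Report the permissions a pipeline triggers and which filters count."""
    permissions, constraints, ignored = set(), [], []
    fields_modified = False
    for stage, arg in pipeline:
        if stage in LIST_STAGES:
            permissions.add("list")
        elif stage in GET_STAGES:
            permissions.add("get")
        elif stage in FIELD_MODIFYING:
            fields_modified = True  # later filters may see derived values
        elif stage == "where":
            if not fields_modified and is_simple_filter(arg):
                constraints.append(arg)
            else:
                ignored.append(arg)
    # A pipeline is only checkable if some stage maps to a permission,
    # so literals() on its own is not.
    return {"permissions": permissions, "constraints": constraints,
            "ignored_filters": ignored, "verifiable": bool(permissions)}


# Constructed sample: the second filter follows Select, so it is not a constraint.
SAMPLE = [("collection", "posts"), ("where", ("eq", "foo", 2)),
          ("Select", ["foo"]), ("where", ("lt", "foo", 2))]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A filter that lands in ignored_filters still runs as part of the query; it just cannot be relied on to satisfy a rule condition, so the rule must be met by the filters listed under constraints.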

Last updated 2026-02-18 UTC.